<?php
header("Content-type:text/html; charset=utf-8;");
require '../../ppf/fun.php';
require '../../ppf/pdo_mysql.php';
require '../../ppf/Filter.php';

date_default_timezone_set("PRC");
$pd=new pdo_mysql();
$filter=new Filter();

$submitMethod=$_SERVER["REQUEST_METHOD"];
if($submitMethod=='POST'){
    $now=date('Y-m-d H:i:s');
    $username  = Filter::safe_string($_POST['username']);
    $password  = Filter::safe_string($_POST['password']);

    #获取IP值
    //$IP        = getIP($realip);
    $s_where="";
    //判断邮件
    $pattern = "/^([0-9A-Za-z\\-_\\.]+)@([0-9a-z]+\\.[a-z]{2,3}(\\.[a-z]{2})?)$/i";

    if(preg_match($pattern,$username) )
    {
        $s_where=$s_where." and email='".$username."' ";
    }
    else if(is_idcard($username)){
        $s_where=$s_where." and idnumber='".$username."' ";
    }
    else if(preg_match("/^1[34578]\d{9}$/", $username)){
        $s_where=$s_where." and mobile='".$username."' ";
    }else{
        $s_where=$s_where." and username='".$username."' ";
    }

    $sql="select * from sys_member where pmd5='".md5($password)."' ".$s_where;

	$user=$pd->query($sql)->fetch(PDO::FETCH_ASSOC);

	if($user){
        $ischeck=$user["ischeck"];
        $state=$user["state"];
        $role=$user["role"];
        if($ischeck==0){
            /*$tips=array(
                'tips'=>'用户未审核，请联系管理员。',
                'url' =>'./?t=login'
            );
            $tips=urlencode(serialize($tips));
            header('Location:../tips.php?gets='.$tips);exit;*/
            echo "<script> alert('用户未审核，请联系管理员。');parent.location.href='../?t=login'; </script>"; return;
            //run_pg('用户未审核，请联系管理员。','../?t=login');
        }
        if($state==1){
            /*$tips=array(
                'tips'=>'用户已禁用，请联系管理员。',
                'url' =>'./?t=login'
            );
            $tips=urlencode(serialize($tips));
            header('Location:../tips.php?gets='.$tips);exit;*/
            echo "<script> alert('用户已禁用，请联系管理员。');parent.location.href='../?t=login'; </script>"; return;
            //run_pg('用户已禁用，请联系管理员。','../?t=login');
        }
        if (!session_id()) session_start();
        $_SESSION["uid"]=$user["id"];
        $_SESSION["username"]=$user["username"];
        $_SESSION["idtype"]=$user["idtype"];
        $_SESSION["department"]=$user["department"];
        $_SESSION["role"]=$role;
        $_SESSION["school"]=$user["school"];
        $_SESSION["nick"]=$user["nick"];

        #记录登录信息
		/*$in_log=array(
			'oper_id' =>$_SESSION["uid"],
			'sub_id'  =>50,
			'ip_addr' =>$IP,
			'time'    =>$now
	    );
		$result=$pd->insert(array('data'=>$in_log,'table'=>'sys_log'));*/
        $wx_id=isset($_COOKIE["wx_id"])?$_COOKIE["wx_id"]:"";
        if(!empty($wx_id)){
            $pd->exec("update sys_member set qywxid='".$wx_id."' where id='".$user["id"]."'");
        }
        
        echo "<script> alert('登陆成功');parent.location.href='../?t=index'; </script>"; return;
        //run_pg('登陆成功!','../?t=index');
	}else{
		/*$tips=array(
			'tips'=>'用户名或密码错误。',
			'url' =>'./?t=login'
		);
		$tips=urlencode(serialize($tips));
		header('Location:../tips.php?gets='.$tips);*/
        echo "<script> alert('用户名或密码错误。');parent.location.href='../?t=login'; </script>"; return;
        //run_pg('用户名或密码错误。','../?t=login');
	}

}else{
	/*$tips=array(
		'tips'=>'不允许的表单提交方式，请按正常流程提交表单。',
		'url'=>'index.php'
	);
	$tips=urlencode(serialize($tips));
	header('Location:../tips.php?gets='.$tips);*/
    echo "<script> alert('不允许的表单提交方式，请按正常流程提交表单');parent.location.href='../?t=login'; </script>"; return;
    //run_pg('不允许的表单提交方式，请按正常流程提交表单','../?t=login');
}

function is_idcard($sid) 
{
    $id = strtoupper($sid);
    $regx = "/(^\d{15}$)|(^\d{17}([0-9]|X)$)/";
    $arr_split = array();
    if(!preg_match($regx, $id)){
        return false;
    }
    if(15==strlen($id)) //检查15位
    {
        $regx = "/^(\d{6})+(\d{2})+(\d{2})+(\d{2})+(\d{3})$/";
        @preg_match($regx, $id, $arr_split); 
        //检查生日日期是否正确
        $dtm_birth = "19".$arr_split[2] . '/' . $arr_split[3]. '/' .$arr_split[4];
        if(!strtotime($dtm_birth)){
            return false;
        }else{
            return true;
        }
    }else{
        //检查18位 
        $regx = "/^(\d{6})+(\d{4})+(\d{2})+(\d{2})+(\d{3})([0-9]|X)$/";
        @preg_match($regx, $id, $arr_split); 
        $dtm_birth = $arr_split[2] . '/' . $arr_split[3]. '/' .$arr_split[4]; 
        if(!strtotime($dtm_birth)) //检查生日日期是否正确
        {
            return  false;
        }else{
            //检验18位身份证的校验码是否正确。 
            //校验位按照ISO 7064:1983.MOD 11-2的规定生成，X可以认为是数字10。
            $arr_int = array(7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2); 
            $arr_ch = array('1', '0', 'X', '9', '8', '7', '6', '5', '4', '3', '2');
            $sign = 0;
            for ( $i = 0; $i < 17; $i++ ) {
                $b = (int) $id{$i};
                $w = $arr_int[$i];
                $sign += $b * $w;
            }
            $n = $sign % 11; 
            $val_num = $arr_ch[$n]; 
            if ($val_num != substr($id,17, 1)){
                return false;
            }else{
                return true;
            }
        }
    }
}
function run_pg($mes,$ul) {
    echo '<script src="/widget/jquery/jquery-3.2.1.min.js"></script><script src="/widget/layer/3.0.3/layer.js"></script>';
    echo "<script> layer.msg('".$mes."');parent.location.href='".$ul."';</script>"; return;
}

?>